% This file is part of the i10 thesis template developed and used by the
% Media Computing Group at RWTH Aachen University.
% The current version of this template can be obtained at
% <http://www.media.informatik.rwth-aachen.de/karrer.html>.

\chapter{Summary and future work}
\label{summaryandfuturework}

%here

\section{Summary and contributions}
\label{summaryandfuturework.summary}


In this thesis, we addressed access control requirements in a traceability network. We presented an ERBAC concept to fulfill access control requirements in the traceability network. It extends traditional RBAC system with some innovative concepts and integrates some state-of-art technologies in the domain of access control. In ERBAC concept, we proposed a RSS to be a core service provider to enable cooperation between participants in the traceability. We defined and implemented Role Administration Features to enable role management, which provides fundamentals for access control in the traceability network. We employed distributed mechanism such as voting for the Role Grant and Role Delete process in Role Administration features. And we gave innovative role definitions with General Roles and Perspective Roles. In conclusion, our ERBAC system enables role-based access control in distributed environment, and its concept of roles inspires feasible role definition mechanisms in a supply chain.


\section{Future work}
\label{summaryandfuturework.futurework}
\index{future work|(}

%here
Much remains to be done to realize the promise of ERBAC system. One of the outstanding problems is to deal with item composition and decomposition. It requires more policies to authorize the requestor when it has a General Role associated with only a part of composite item. And proper schemas should be added to adopt composition and decomposition in the ERBAC system. Recent research has been reported in \fullcite{1193855}. The other problem needs more research in realization of ERBAC system is fault tolerance requirement in the communication of distributed participants. As communication between participants occurs intensively for role administration in ERBAC system, how to make the system dependent is also an issue to be addressed.%\todo{role certificate that can reduce RSS's workload}
%\todo {1.Talk something about dealing with itme composition and decomposition}
%\todo {2.Talk about fault tolerance in voting mechanism}
%We have use the asynchronized method to invoke the voting services, which means the RSS will not block while waiting for voting results from partners. Other side, to update participants role hierarchy when adding or deleting roles also a latency-prone issues.


\index{future work|)}